diff --git a/terraform/deployments/elasticache/elasticache.tf b/terraform/deployments/elasticache/elasticache.tf
index 553a8e7ad..bf1312e86 100644
--- a/terraform/deployments/elasticache/elasticache.tf
+++ b/terraform/deployments/elasticache/elasticache.tf
@@ -5,15 +5,13 @@ locals {
 }
 resource "aws_security_group" "cache" {
- for_each = var.instances
- name = "elasticache-${each.key}"
+ name = "elasticache-shared"
 vpc_id = data.tfe_outputs.vpc.nonsensitive_values.id
- description = "EKS to ElastiCache instance ${each.key} (govuk-infrastructure/terraform/deployments/elasticache)"
+ description = "EKS to shared ElastiCache instance (govuk-infrastructure/terraform/deployments/elasticache)"
 }
 resource "aws_vpc_security_group_ingress_rule" "cache" {
- for_each = var.instances
- security_group_id = aws_security_group.cache[each.key].id
+ security_group_id = aws_security_group.cache.id
 from_port = 6379
 to_port = 6379
@@ -21,30 +19,38 @@ resource "aws_vpc_security_group_ingress_rule" "cache" {
 referenced_security_group_id = data.tfe_outputs.cluster_infrastructure.nonsensitive_values.node_security_group_id
 }
-resource "aws_elasticache_serverless_cache" "cache" {
- for_each = var.instances
- name = each.key
- engine = "valkey"
- major_engine_version = try(each.value.major_engine_version, local.default_engine_version)
- security_group_ids = [aws_security_group.cache[each.key].id]
- subnet_ids = data.tfe_outputs.cluster_infrastructure.nonsensitive_values.private_subnets
-
- cache_usage_limits {
- data_storage {
- maximum = try(each.value.max_storage_gb, local.default_max_storage_gb)
- unit = "GB"
- }
- ecpu_per_second {
- maximum = try(each.value.max_ecpus_per_second, local.default_max_ecpus_per_second)
- }
+resource "aws_elasticache_subnet_group" "cache" {
+ name = "elasticache-shared"
+ subnet_ids = data.tfe_outputs.cluster_infrastructure.nonsensitive_values.private_subnets
+}
+
+resource "aws_elasticache_parameter_group" "cache" {
+ name = "elasticache-shared"
+ family = "valkey8"
+
+ parameter {
+ name = "databases"
+ value = 10000
 }
 }
+resource "aws_elasticache_replication_group" "cache" {
+ replication_group_id = "govuk-shared"
+ description = "Shared Valkey"
+ num_cache_clusters = 1
+ node_type = var.node_type
+ engine = "valkey"
+ engine_version = var.engine_version
+ parameter_group_name = aws_elasticache_parameter_group.cache.name
+ subnet_group_name = aws_elasticache_subnet_group.cache.name
+ security_group_ids = [aws_security_group.cache.id]
+}
+
 resource "aws_secretsmanager_secret" "urls" {
 name = "govuk/elasticache/urls"
 }
 resource "aws_secretsmanager_secret_version" "urls" {
 secret_id = "govuk/elasticache/urls"
- secret_string = jsonencode({ for name, cache in aws_elasticache_serverless_cache.cache : name => "rediss://${cache.endpoint[0].address}:${cache.endpoint[0].port}" })
+ secret_string = jsonencode({ for app, dbId in var.databases : app => 
"rediss://${aws_elasticache_replication_group.cache.primary_endpoint_address}:6379/${dbId}" })
 }
diff --git a/terraform/deployments/elasticache/variables.tf b/terraform/deployments/elasticache/variables.tf
index 644150689..e610c15de 100644
--- a/terraform/deployments/elasticache/variables.tf
+++ b/terraform/deployments/elasticache/variables.tf
@@ -3,7 +3,19 @@ variable "govuk_environment" {
 description = "GOV.UK environment name"
 }
-variable "instances" {
- type = map(any)
- description = "Map of instance name -> settings"
+variable "databases" {
+ type = map(number)
+ description = "Map of app names to database IDs"
+}
+
+variable "engine_version" {
+ type = string
+ default = "8.0"
+ description = "ValKey version"
+}
+
+variable "node_type" {
+ type = string
+ default = "cache.m7g.xlarge"
+ description = "ElastiCache node type"
 }
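Review bot: The new `aws_elasticache_replication_group` "cache" does not set `transit_encryption_enabled`, yet the `secret_string` built at the end of this hunk still emits `rediss://` URLs. The serverless cache it replaces always used TLS, but for a node-based replication group in-transit encryption is, as far as I know, off unless requested, so clients would either fail the handshake or be switched to plaintext `redis://`. Please confirm the provider default and set `transit_encryption_enabled = true` explicitly, and state `at_rest_encryption_enabled = true` alongside it. The group also has no `auth_token` or `user_group_ids`, and numbered databases are not an access boundary, so any app holding one URL can reach every other app's database and the node security group becomes the only control. A comment on the resource recording that trade-off, for example `# Shared by all apps: logical DBs give namespacing, not isolation`, would help the next reader.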
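Review bot: `variable "databases"` is typed `map(number)` with no validation, so two apps can be assigned the same ID, or an ID that is negative, fractional, or outside the `databases = 10000` limit set on the parameter group in elasticache.tf. A duplicate silently puts two apps in the same keyspace, and the other cases presumably only surface when a client connects with the generated URL. A `validation` block on the variable that requires unique whole numbers from 0 to 9999 would reject these at plan time; a sketch is below.

```hcl
variable "databases" {
  # … unchanged: type and description …

  validation {
    condition = alltrue([
      for id in values(var.databases) : id >= 0 && id < 10000 && floor(id) == id
    ]) && length(distinct(values(var.databases))) == length(var.databases)
    error_message = "Database IDs must be unique whole numbers from 0 to 9999."
  }
}
```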